[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8703) slapd should create its PID file before dropping privileges
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8703) slapd should create its PID file before dropping privileges
- From: hyc@symas.com
- Date: Sat, 29 Jul 2017 14:55:39 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
michael@orlitzky.com wrote:
> Full_Name: Michael Orlitzky
> Version: 2.4.45
> OS: Gentoo
> URL:
> Submission from: (NULL) (98.218.46.55)
>
>
> The slapd daemon should create its PID file before dropping privileges. This
> represents a minor security issue; additional factors are needed to make it
> exploitable.
>
> Why?
>
> The purpose of the PID file is to hold the PID of the running daemon,
> so that later it can be stopped, restarted, or otherwise signalled
> (many daemons reload their configurations in response to a SIGHUP).
> To fulfill that purpose, the contents of the PID file need to be
> trustworthy. If the PID file is writable by a non-root user, then he
> can replace its contents with the PID of a root process.
Not sure this is a valid concern. The uid used to run services should not
actually have a valid login shell, and thus should not ever be usable for any
purpose other than running the daemon from init.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/